9 matches found
CVE-2012-0158
CVE-2012-0158 is a Microsoft/MSCOMCTL.OCX (MS Office) vulnerability that enables remote code execution via a crafted file or document. The initial entry lists vulnerable controls in MSCOMCTL.OCX and notes exploitation in the wild around April 2012 (aka “MSCOMCTL.OCX RCE Vulnerability”). Connected...
CVE-2012-1856
CVE-2012-1856 covers a remote code execution vulnerability in the TabStrip ActiveX control (MSCOMCTL.OCX) used by multiple Microsoft Office components and related products. The issue arises from a system-state corruption triggered by crafted (1) documents or (2) web pages, allowing remote attacke...
CVE-2007-1201
CVE-2007-1201 is a remote code execution vulnerability in Microsoft Office Web Components 2000 related to the DataSource handling that can trigger memory corruption. Multiple sources describe the DataSource Vulnerability as allowing an attacker to execute arbitrary code in the user’s context by v...
CVE-2006-1257
CVE-2006-1257 describes an authentication bypass in Microsoft Commerce Server 2002 prior to SP2. The issue arises when sample files in the web server’s AuthFiles directory are present and a remote attacker can log in to authfiles/login.asp with a valid username and any password, then reach the ma...
CVE-2002-0621
CVE-2002-0621 involves a buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000. The underlying cause is a vulnerable installer routine that can be triggered by specific input to the OWC package installer, allowing a remote attacker to cause th...
CVE-2002-0623
The CVE-2002-0623 entry describes a buffer overflow in the AuthFilter ISAPI filter of Microsoft Commerce Server 2000 and 2002. The vulnerability allows remote attackers to execute arbitrary code by sending long authentication data. Connected documents confirm the affected product and component, a...
CVE-2002-0050
CVE-2002-0050 affects Microsoft Commerce Server 2000 via the AuthFilter ISAPI filter. A buffer overflow in the AuthFilter ISAPI filter allows remote attackers to execute arbitrary code by sending long authentication data. The vulnerability is exploitable over the network without authentication, w...
CVE-2002-0622
The CVE-2002-0622 entry concerns the Office Web Components (OWC) package installer used with Microsoft Commerce Server 2000. The vulnerability allows remote attackers to execute commands by providing input to the OWC package installer (Command Execution via installer input). This is described as ...
CVE-2002-0620
CVE-2002-0620 describes a buffer overflow in the Profile Service of Microsoft Commerce Server 2000. The vulnerability enables remote attackers to cause the server to fail or execute arbitrary code in the LocalSystem context by supplying input through an affected API call. The available documents ...